<?php

require( 'util.php' );
require_once( 'Stencil.php' );

// Access gate: everything below reads and edits user accounts, so it must only run
// for an administrator session. report_err_and_exit() is defined outside this file
// and is presumably expected to stop the request — confirm it really exits.
if (! is_logged_as_admin()) {
	report_err_and_exit( '必须以管理员身份登录' );
}

// Pulled in only after the admin check has passed.
require 'dbconnect.php';

// Defaults for the detail form rendered near the end of the page; the search
// branch overwrites them when a matching user is found.
$username = $password = $group = '';

output_frame_header( '志愿者网管理员,用户管理' );

?>

<style>
.wp .search { float: right; padding-right: 10px; }
.retrieval .search span { float: left }
.usercol { width:150px }
.pswcol { width:100px }
.groupcol { width:150px }
</style>

<script type="text/javascript" src="jquery.js"></script>


<!-- 空格 -->
<div class="space"></div>
<!-- 内容部分 -->
<div id="wp" class="wp ">
	<!-- 在此书写内容设计 -->
	<!-- 用于用户搜索部分 -->
	<div class="retrieval">
		<div class="search">
			<form name="searcher" action="administrator.php" method="get">
				<input type="hidden" name="action" value="search" />
				<span><input type="text" class="text02" name="srchtxt" id="srchtxt" value="输入用户名" /></span>
				<span><input type="button" value="搜索" class="but02" id="searchSubmitter" /></span>
			</form>
		</div>
	</div>
	
	<script type="text/javascript">
	
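		// Placeholder emulation for the search box. The hint text is removed on focus
		// only while the box still holds the hint, so text the user has already typed
		// is no longer wiped when the field regains focus.
		$("#srchtxt").focus( function(){
			if ($(this).val() === '输入用户名')
				$(this).val('');
		}).blur( function() {
			if ($(this).val() === '')
				$(this).val('输入用户名');
		});
		
		// Submit only when a real search term was entered. This is a usability check,
		// not a security control: the request can be sent without this script, so the
		// server must treat srchtxt as untrusted.
		$("#searchSubmitter").click( function() {
			var srchtxt = $("#srchtxt").val();
			if (srchtxt === '' || srchtxt === '输入用户名')
				return;
			
			document.searcher.submit();
		});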
	
	</script>

<?php

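// The detail form further down the page is rendered for every ?action=... request;
// only the plain user listing (no action parameter) switches it off.
$show_detail = true;

// NOTE(review): 'modify' and 'delete' change state, but nothing visible here verifies
// that the POST originated from this page (no anti-CSRF token is checked), so a forged
// cross-site form could act with the administrator's session. Add a per-session token
// to the form and verify it here — unless validate_action_post() already does; confirm.
//
// NOTE(review): every request value below is escaped with mysql_real_escape_string()
// before it is placed inside a quoted SQL literal. If validate_action_get()/
// validate_action_post() or magic_quotes_gpc already escape these values, that would
// double-escape — confirm and keep exactly one layer. The mysql_* extension has no
// prepared statements; moving dbconnect.php to mysqli/PDO would allow bound parameters.
if (isset( $_GET['action'] ))
{
	if ($_GET['action'] === 'search')
	{
		validate_action_get( array( 'srchtxt' ) );
		
		// srchtxt comes straight from the query string. Escaping keeps it inside the
		// string literal; LIKE wildcards (% and _) are deliberately left intact.
		$userName = mysql_real_escape_string( $_GET['srchtxt'] );
		$sql = "SELECT name, password, `group` FROM `user` WHERE name LIKE '$userName'";
		$result = mysql_query( $sql ) or report_err_and_exit( mysql_error() );
		$userInfo = mysql_fetch_array( $result );
		
		// mysql_fetch_array() yields false when no row matched.
		if (!$userInfo)
		{
			echo "<script type='text/javascript'> alert('该用户名不存在!'); location.href='administrator.php';</script>";
		}
		else
		{
			$username = $userInfo['name'];
			$password = $userInfo['password'];
			$group = $userInfo['group'];
?>

<script type="text/javascript">

	$(function() {
		// The stored group is emitted as a JSON string literal (with HTML-significant
		// characters hex-escaped) so it cannot break out of the script context.
		$("#groupSelect").val(<?php echo json_encode( (string) $group, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT ); ?>);
	});

</script>

<?php
		}
	}
	else if ($_GET['action'] === 'modify')
	{
		validate_action_post( array( 'uname', 'psw', 'groupSelect' ) );
	
		// NOTE(review): the password is written exactly as submitted, i.e. stored in
		// clear text. Anyone who can read the table obtains every credential; storing a
		// salted hash instead requires changing the login code as well.
		$newPassword = mysql_real_escape_string( $_POST['psw'] );
		$newGroup = mysql_real_escape_string( $_POST['groupSelect'] );
		$targetName = mysql_real_escape_string( $_POST['uname'] );
		
		$sql = "UPDATE user SET password = '$newPassword', `group` = '$newGroup' WHERE name = '$targetName'";
		mysql_query( $sql ) or report_err_and_exit( '插入数据失败(' . mysql_error() . ')' );
		echo "<script type='text/javascript'> alert('修改成功!'); location.href='administrator.php';</script>";
	}
	else if ($_GET['action'] === 'delete')
	{
		validate_action_post( array( 'uname' ) );
		
		$targetName = mysql_real_escape_string( $_POST['uname'] );
		$sql = "SELECT u_id FROM `user` WHERE name = '$targetName'";
		$result = mysql_query( $sql ) or report_err_and_exit( mysql_error() );
		$row = mysql_fetch_array( $result ) or report_err_and_exit( '指定用户不存在。' );
		
		// u_id is interpolated unquoted into the DELETE statements below, so force it
		// to an integer before use.
		$u_id = (int) $row['u_id'];
	
		// Remove the account and then the rows that reference it in the other tables.
		$sql = "DELETE FROM user WHERE u_id = $u_id";
		delete_from_table( $sql );
		
		$sql = "DELETE FROM page WHERE u_id = $u_id";
		delete_from_table( $sql );
		
		$sql = "DELETE FROM comment WHERE u_id = $u_id";
		delete_from_table( $sql );
		
		$sql = "DELETE FROM activity WHERE u_id = $u_id";
		delete_from_table( $sql );
		
		echo "<script type='text/javascript'> alert('删除成功!'); location.href='administrator.php';</script>";
	}
}
else
{
	$show_detail = false;
	
?>

<table class="datelist" cellspacing="10" cellpadding="10" border="0" style="display:block;font-family:Verdana;font-size:1.5em">
	<tbody>
		<tr class="datelisthead">
			<td class="usercol">账户名</td>
			<td class="pswcol">密码</td>
			<td class="groupcol">权限</td>
		</tr>

<?php

// NOTE(review): this listing prints every user's password in clear text. Consider
// dropping the column once passwords are no longer stored in readable form.
$sql = "SELECT name, password, `group` FROM `user` ORDER BY name";
$result = mysql_query( $sql ) or report_err_and_exit( mysql_error() );
while ($row = mysql_fetch_array( $result ))
{
	// Stored values are data, not markup: HTML-escape them for element content and
	// URL-encode the name for the query string.
	// Assumes the page and the stored values are UTF-8 — TODO confirm; with a
	// mismatched charset htmlspecialchars() returns an empty string on PHP >= 5.4.
	$nameHtml = htmlspecialchars( $row['name'], ENT_QUOTES, 'UTF-8' );
	$nameQuery = urlencode( $row['name'] );
	$passwordHtml = htmlspecialchars( $row['password'], ENT_QUOTES, 'UTF-8' );
	$groupHtml = htmlspecialchars( $row['group'], ENT_QUOTES, 'UTF-8' );
	
	echo <<<ROD
		<tr>
			<td><a href="administrator.php?action=search&amp;srchtxt={$nameQuery}">{$nameHtml}</a></td>
			<td>{$passwordHtml}</td>
			<td>{$groupHtml}</td>
		</tr>
ROD;
}

?>
		

	</tbody>
</table>

<?php
}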

/**
 * Executes the given SQL statement and, when mysql_query() reports failure,
 * passes the MySQL error text to report_err_and_exit().
 *
 * The statement is sent as-is: every value embedded in $sql must already have
 * been made safe by the caller.
 *
 * @param string $sql complete SQL statement (the callers in this file pass DELETEs)
 */
function delete_from_table($sql)
{
	if (!mysql_query( $sql )) {
		report_err_and_exit( '删除数据失败(' . mysql_error() . ')' );
	}
}

?>

<div style="clear:both" />

<?php

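if ($show_detail)
{
	// Detail/edit form for one user. $username, $password and $group are initialised
	// to empty strings near the top of the file and filled in by the search branch.
	// The hidden uname field uses $username rather than $userInfo['name'], because
	// $userInfo is not defined on the modify/delete paths.
	//
	// All three values come from the database and are HTML-escaped before being
	// written into element content or attribute values.
	// Assumes the page and the stored values are UTF-8 — TODO confirm; with a
	// mismatched charset htmlspecialchars() returns an empty string on PHP >= 5.4.
	//
	// NOTE(review): the form carries no anti-CSRF token and the current password is
	// echoed back into a visible text input in clear text.

?>

<!-- Details of the selected user -->
<form name="modifyForm" action="administrator.php?action=modify" method="post">
<input type="hidden" id="uname" name="uname" value="<?php echo htmlspecialchars( $username, ENT_QUOTES, 'UTF-8' ); ?>" />
<table class="datelist" cellspacing="10" cellpadding="10" border="0" style="display:block">
	<tbody>
		<tr class="datelisthead">
			<td class="usercol">账户名</td>
			<td>密码</td>
			<td>权限</td>
			<td>管理</td>
		</tr>
		<tr>
			<td><?php echo htmlspecialchars( $username, ENT_QUOTES, 'UTF-8' ); ?></td>
			<td><input id="psw" name="psw" type="text" value="<?php echo htmlspecialchars( $password, ENT_QUOTES, 'UTF-8' ); ?>" /></td>
			<td><select id="groupSelect" name="groupSelect" class="userselect">
					<option value="">&nbsp;</option>
					<option value="V">V</option>
					<option value="L">L</option>
					<option value="M">M</option>
				</select>
			</td>
			<td>
				<input type="button" id="btnMofify" value="修改" />
				<input type="button" id="btnDelete" value="删除用户" />
			</td>
		</tr>
	</tbody>
</table>
</form>

<script type="text/javascript">

	// The buttons are wired up only when a user is actually loaded into the form.
	// These checks are a convenience for the administrator; the server-side handlers
	// must not rely on them.
	if ($('#uname').val() != '')
	{
		$(function() {
			$("#btnMofify").click( function() {
				if ($('#psw').val() == '')
				{
					alert('密码不能为空。');
					$('#psw').focus();
					return;
				}
				
				if ($('#groupSelect').val() == '')
				{
					alert('必须选择一个有效的组别。');
					$('#groupSelect').focus();
					return;
				}
				
				document.modifyForm.submit();
			});
			
			// Delete reuses the same form and only swaps the target action.
			$("#btnDelete").click( function() {
				document.modifyForm.action = 'administrator.php?action=delete';
				document.modifyForm.submit();
			});
		});
	}

</script>

<?php

}
else
{
	// Spacer shown in place of the detail form on the plain listing view.
	echo '<div style="height:14px">&nbsp;</div>';
}

//********************** end of page content **********************

output_frame_footer();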

?>